Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article

Skip to comments.

Mac, Windows QuickTime Flaw Opens 'Month Of Apple Bugs'
Information Week ^ | Jan 2, 2007 03:04 PM | Gregg Keizer

Posted on 01/03/2007 11:04:31 AM PST by newgeezer

The exploit could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs project kicked off Monday by posting a zero-day vulnerability in Apple's QuickTime media player. It also posted an exploit that could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs (MoAB), which will announce a new security vulnerability in Apple's operating system or other Mac OS X software each day in January, is a follow-on to November's "Month of Kernel Bugs" campaign, and is co-hosted by that project's poster, a hacker who goes by the initials "LMH," and a partner, Kevin Finisterre, a researcher who has posted numerous Mac vulnerabilities and analyses on his own site.

The debut vulnerability is in QuickTime 7's parsing of RTSP (RealTime Streaming Protocol); the protocol is used to transmit streaming audio, video, and 3-D animation over the Web. Users duped into clicking on an overlong rtsp:// link could find their PCs or Macs compromised. It also may be possible to automatically trigger an attack simply by enticing users to a malicious Web site.

"Exploitation of this issue is trivial," said LMH in the vulnerability's write-up on the MoAB Web site. The associated exploit code has been tested on Mac OS X running on Intel-based systems, and works against QuickTime 7.1.3, the current version of the player, LMH and Finisterre said.

Other security researchers rang alarms Tuesday. Danish vulnerability tracker Secunia, for example, pegged the bug as "highly critical," the second-from-the-top threat in its five-step score, and Symantec alerted customers of its DeepSight threat network of the vulnerability.

An Apple spokesman declined to confirm the vulnerability, or, if it was legitimate, when the flaw might be fixed. In an e-mail, he said that "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."

LMH, who didn't immediately reply to several questions sent via e-mail, said on the MoAB site that Apple's Mac OS X operating system was chosen as the target for the month of vulnerabilities because "we like to play with OS X, we enjoy hate e-mail, and it's not as crowded as (random software vendor), yet. Thus, it's really comfortable for research and there's so much to be worked out."

He also said that Apple -- and other vendors whose Mac OS X applications might be the focus of a bug posted during the month's run -- would not be notified in most cases before the information went live, and dismissed that practice. "The point is releasing them without vendor notification. The problem with so-called 'responsible disclosure' is that for some people, it means keeping others on hold for insane amounts of time, even when the fix should be trivial. And the reward (automated responses and euphemism-heavy advisories) doesn't pay off in the end."

LMH, Finisterre, and commercial security vendors recommended that users cripple QuickTime's ability to process rtsp:// links. In Windows, launch QuickTime, select Edit|Preferences|QuickTime Preferences, click the File Types tab, expand Streaming, and clear the box marked "RTSP stream descriptor." In Mac OS X, select System Preferences|QuickTime|Advanced|MIME Settings|Streaming|Streaming Movies and clear the "RTSP stream descriptor" box.

Apple's QuickTime was last in the news during December, when a bug in the player was exploited by fraudsters on MySpace. That vulnerability remains unpatched.

LMH expects to see more QuickTime attacks now that his newest flaw has gone public. He said, "It's a matter of time to see this getting abused in the wild."


TOPICS:
KEYWORDS: apple; bugs; moab; security; threadjester
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 541-557 next last
To: for-q-clinton
Ok, then what about the wireless card driver bug?

It was a hoax. The perpetrators were even offered a new MacBook if they could make their exploit work on it, and they couldn't do it.

Once again the anti-M$ folks at FR will find excuses and not accept the fact that MACs are vulnerable to attack.

Everything is theoretically vulnerable to some degree. OTOH, an M113 is a lot more vulnerable than an M1A1.

61 posted on 01/04/2007 7:20:07 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 55 | View Replies]

To: for-q-clinton
I'm confue. Anti-R and Hal9000 have said that the virus was for MAC OS9, but it looks like your post says they are for OS X.

There were viruses, etc., in the wild for OS 9 and previous. However, there is almost no relation between OS 9 and OS X. Apple didn't just upgrade their ancient, outdated OS like Microsoft did -- they replaced it completely.

There are proofs of concept for OS X that don't work well, but nothing in the wild. To take your Apple hatred out of the equation, remember that the credit for a superior security model doesn't really go to Apple, but the FreeBSD UNIX that is the base of OS X. FreeBSD is well-known for being a very robust and secure OS.

62 posted on 01/04/2007 7:28:40 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 58 | View Replies]

To: Space Wrangler
My area of expertise is data security, and I know that many black hatters are salivating to be the one that brings Apple to it's knees.

That's what I've been saying for a while, but the Mac haters always say no, nobody's interested because of marketshare. BS, there are a lot of hackers out there who do it for glory. OS X will get malware in the wild for it, eventually. It is inevitable.

63 posted on 01/04/2007 7:31:49 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 60 | View Replies]

To: for-q-clinton
So how can it be possible if MAC is so secure?

MAC (Media Access Control, part of OSI Layer 2) is not very secure, and nobody's claimed so. It's easy to spoof a MAC address. You can also change it, but that requires SU in UNIX (which almost nobody runs under, even in OS X) or Administrator in Windows (which most people run under).

Oh, you were maybe talking about Mac OS X?

64 posted on 01/04/2007 8:00:12 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 56 | View Replies]

To: for-q-clinton

"But if you listen to the MAC faithful this type of attack is impossible on the MAC."

That is not the case at all. OS X is based on Unix and windows is based on well windows. Nobody every said that an application run by uninformed users could not cause un-intended harm to the PC. The point is the Windows OS is very insecure because it 'effectively" in normal ops is not tiered into an SU hierarchy.

That said, carelessness, passwords on posted notes, inside jobs, etc are the real security problems. But to think Mac OS X and Windows OS have equal security and reliability is just pure ignorance. Buy a Mac and try it.


65 posted on 01/04/2007 9:23:02 AM PST by Sunnyflorida ((Elections Matter)
[ Post Reply | Private Reply | To 56 | View Replies]

To: for-q-clinton
I'm confue. Anti-R and Hal9000 have said that the virus was for MAC OS9, but it looks like your post says they are for OS X. And they dismiss it because the user is prompted for admin access. As I stated earlier. Trick 1% of mac users to giving admin access...no real threat. Trick 1% of windows users and you have yourself a nice little claim to fame.

No need to be. Ignorance is curable.

What Antirepublicrat and Hal9000 are referring to is that the ONLY Mac viruses that have been found in the wild are viruses designed to infect OS 9 and older systems. OS X is a completely different animal than OS 9, sharing only the Macintosh name... there is no relationship beyond that.

"Tricking" any user into giving access is far easier on a Windows computer where 99% of users are essentially operating at "root" level. Almost 0% of Mac users operate at root. To even activate root on a Mac requires an effort on the part of the user, establishing a new user and a new password. On a Windows machine, until the release of Vista, the out of the box default user is root.

Tricking 1% of Windows users gives no one any claim to fame... that's so easy to do that script kiddies do it all the time. Script kiddies can't even make a dent in a Mac.

66 posted on 01/04/2007 9:36:50 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 58 | View Replies]

To: SunkenCiv

After 28 years as an Apple customer, I've only encountered one virus - the "WDEF virus" around 1989-1990. It spread on floppy disks. It was difficult to get rid of because we had a bunch of Macs and a bunch of floppy discs.


67 posted on 01/04/2007 10:15:22 AM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 45 | View Replies]

To: for-q-clinton
Not sure if a poorly written driver is a HOAX? Windows suffers from 3rd party drivers all the time and gets a black eye from it. One could argue the OS shouldn't allow such things.

One could argue that the OS shouldn't allow third party programs to run which is what a driver is.

It was a hoax because they did not reveal that to make the Mac insecure, they had to bring in ringers... a third party WiFi card and drivers for it... when the Mac had a perfectly secure (well, not exactly, more on that in a moment) WiFi circuitry and drivers already installed that were NOT susceptible to their shenanigans. It was a hoax also because the prepared the Mac to accept the attack by installing a script they could invoke to elevate their privileges and start a terminal session. They opened the ports they needed for their invasion to work. None of this exists on a default Mac.

Maynor and Ellch also claimed they had provided Apple with the specifics of the security flaw... but Apple said they had not! Maynor and Ellch were not forthcoming with any answers when critics of their Hoax started pointing out the inconsistencies.

I agree that Windows suffers from 3rd party drivers... but for a "security specialist", which is what one of the hoaxers is, to deliberately install a compromised driver and then pretend it is the default condition is fraud.

OS X does have flaws... but they are aggressively sought and and fixed. As I said above, the Mac's default driver was not exactly secure. The FUD hoax caused Apple to go through their drivers with a fine tooth comb. They found three unrelated flaws that would crash the WiFi card driver in older model Macs that used the original Airport card. Apparently the flaws had already been fixed in the rewriting of the drivers for the upgraded cards now being shipped but had not been retroactively fixed in older machines. They issued a software update that fixed it.

68 posted on 01/04/2007 10:24:45 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 59 | View Replies]

To: Space Wrangler
Up until this point, they have ignored it, but starting about mid-2006, there is now a truly concerted effort to target Mac users.

That's BS. It hasn't been ignored; OS X has been a target for years. And the hackers have been making attempts. There have been substantial cash prizes offered for hackers who succeed in breaking into an OS X Mac. The acclaim and fame that would be given to a hacker from the cracker community for the first successful cracking of OS X's security would be pay enough for some of those who think they are super crackers.

The US Army now runs its website on OS X because of that hardness to hack.

69 posted on 01/04/2007 10:34:10 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 60 | View Replies]

To: Swordmaker

Okay, man. OS X is inpenetrable. Whatever you say.


70 posted on 01/04/2007 10:41:09 AM PST by Space Wrangler
[ Post Reply | Private Reply | To 69 | View Replies]

To: for-q-clinton; Swordmaker; antiRepublicrat; HAL9000
I'm confue.

I nominate this to become part of the Freeper lexicon along with stuned, hugh, and series.

:-)

71 posted on 01/04/2007 10:44:38 AM PST by Mind-numbed Robot (Not all that needs to be done, needs to be done by the government.)
[ Post Reply | Private Reply | To 58 | View Replies]

To: HAL9000

:')


72 posted on 01/04/2007 10:53:40 AM PST by SunkenCiv (Ahmedumbass and the mullahcracy is doomed. https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | To 67 | View Replies]

To: Space Wrangler
Okay, man. OS X is inpenetrable. Whatever you say.

I didn't say it is impenetrable, I said it is very, very difficult to do. It is not a trivial matter.

One UNIX security expert has said "No OS is impenetrable but where the effort to write a virus on a Windows box is a 1 on a scale of 1 to 10, the OS X Mac is a 9."

Trojan horses are always possible... psychological persuasion to do something stupid can work whether you are running a Mac or a Windows or a Linux box... but even with a Trojan, on a Mac, the damage is limited to the permissions the user has.

73 posted on 01/04/2007 12:01:02 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 70 | View Replies]

To: Space Wrangler
Okay, man. OS X is inpenetrable. Whatever you say.

Noone in the Mac community is suggesting that OS X is inpenetrable or that Mac users should not use best practices. We're simply saying that Mac OS X has a proven track record of being demonstrably safer than Windows, thanks to better software engineering. The Microsoft stooges who claim that the Mac's excellent safety record is attributable entirely to market share are wrong. If Mac OS X had the same shoddy design as Windows, we'd have a plague of virus infections too.

74 posted on 01/04/2007 12:01:54 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 70 | View Replies]

To: HAL9000
Noone in the Mac community is suggesting that OS X is inpenetrable or that Mac users should not use best practices. We're simply saying that Mac OS X has a proven track record of being demonstrably safer than Windows, thanks to better software engineering. The Microsoft stooges who claim that the Mac's excellent safety record is attributable entirely to market share are wrong. If Mac OS X had the same shoddy design as Windows, we'd have a plague of virus infections too.

Yeah right. I never said windows was on par with Mac's security either, but yet the MAC faithful rally to their defense giving the perception it's impossible to have a virus in the wild on it. All I really started with is by saying security by obscurity is no real security. I never said MAC only relies on obscurity; however, it is a fact that windows is a much larger targeted platform.

I guess I confue everone :-D I do like the idea that we make that part of the FR lexicon.

75 posted on 01/04/2007 1:01:16 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 74 | View Replies]

To: Swordmaker
The US Army now runs its website on OS X because of that hardness to hack.

What does the REAL IT unit of the military use for most of their servers? BTW: That's the Air Force not the Army.

76 posted on 01/04/2007 1:02:17 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 69 | View Replies]

To: Swordmaker
Tricking 1% of Windows users gives no one any claim to fame... that's so easy to do that script kiddies do it all the time.

Really? do you even know how many uses would need to be duped to make 1% of the windows user base? Try it's easy to dupe .1% or maybe even .01%.

77 posted on 01/04/2007 1:05:12 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 66 | View Replies]

To: Swordmaker
No need to be. Ignorance is curable.

I agree it is curable. Go back and read the responses. One MAC supporter says the virus was only on OS9 the other says it was on OSX, but not in the wild. Which is it...was the virus I mentioned in the wild on OS9 or on OSX but not in the wild?

78 posted on 01/04/2007 1:07:34 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 66 | View Replies]

To: for-q-clinton
BTW: That's the Air Force not the Army.

The title of the article I linked to is


79 posted on 01/04/2007 5:32:52 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 76 | View Replies]

To: for-q-clinton
but yet the MAC faithful. . .

Why are you so obsessed with Media Access Control? In case you haven't figured it out, it is "Mac" not "MAC"; it is not an acronym.

All I really started with is by saying security by obscurity is no real security.

Which implies that Macs are secure because they are "obscure". To which I pointed out the fallacy of that position. I agree, Windows is a much larger target... but it is also an easier target by far.

80 posted on 01/04/2007 5:37:52 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 75 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 541-557 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson